General
-
Target
4c3b693164a253bd814a15b9023e857c37454fdf9bcd1d96bdd81c2b70c88c9e
-
Size
10KB
-
Sample
221128-jcy6vsbd3v
-
MD5
792a85fdb970278f051caa1544d5fc56
-
SHA1
78f7add2940f2335c30d4a46779111c89de3f870
-
SHA256
4c3b693164a253bd814a15b9023e857c37454fdf9bcd1d96bdd81c2b70c88c9e
-
SHA512
898646c504c21b3f91f0fe763a0038d594e9c0be2210b2964485d6439e0dff3a0f39009d861bab876cd0f5ba51da7493d223d861dde9825ba0fd8cabd33a40b2
-
SSDEEP
192:cI1l/hJh7hbX8kLlVwMRzmrHbYqyrvaMHjcOp:JhJh7hbX8kLwMhiCvaMHj/p
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.gettoner.com.mx/ - Port:
21 - Username:
[email protected] - Password:
fedxunited543@
Targets
-
-
Target
4c3b693164a253bd814a15b9023e857c37454fdf9bcd1d96bdd81c2b70c88c9e
-
Size
10KB
-
MD5
792a85fdb970278f051caa1544d5fc56
-
SHA1
78f7add2940f2335c30d4a46779111c89de3f870
-
SHA256
4c3b693164a253bd814a15b9023e857c37454fdf9bcd1d96bdd81c2b70c88c9e
-
SHA512
898646c504c21b3f91f0fe763a0038d594e9c0be2210b2964485d6439e0dff3a0f39009d861bab876cd0f5ba51da7493d223d861dde9825ba0fd8cabd33a40b2
-
SSDEEP
192:cI1l/hJh7hbX8kLlVwMRzmrHbYqyrvaMHjcOp:JhJh7hbX8kLwMhiCvaMHj/p
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-